As noted in the first part of this series, Security and Reliability encompasses holistic network assessments, vulnerability assessments, and penetration testing. In this post I'd like to go deeper into network assessments. I stated last time that the phrase "network assessment" is broad. Assessments may be categorized as "internal" (behind the firewall, corporate infrastructure) or "external" (outside the firewall, Internet infrastructure). Regardless of the scope and areas of technology assessed, the goals are to assess the current state of your infrastructure with respect to industry best practices, to provide a gap analysis that shows where best practices are not met, and finally to provide remediation steps to fill those gaps.

Internal network assessments may be highly customized and should evaluate a wide range of network infrastructure or specific areas of technology, including but not limited to:

Network switching/routing

Firewall and IDS/IPS

Wireless (Wi-Fi, microwave, satellite, etc.)

VoIP

DNS/DHCP/IPAM

Server infrastructure

Application

Client/desktop

System builds

Anti-virus/anti-malware

Physical security

External network assessments may also be customized and should examine areas including but not limited to:

You may also wish to assess information security policies and procedures, access controls (logical or physical), readiness for SSAE16, ISO 27000 series, or PCI compliance, and disaster recovery procedures, or business continuity plans for both internal and external assessments.

The benefits of a network assessment include documentation to help you understand your current security and reliability posture in terms of best practices, and steps to remediate gaps in best practices. This type of assessment can form the basis for system-wide documentation and further policy development if needed. In addition, once you remediate any gaps in the assessment, you can begin to document best practices with respect to network/system architecture, security, change management, disaster recovery and business continuity.

The next logical steps to enhancing your security and reliability posture are to execute periodic vulnerability assessments and penetration testing, which I will delve into in the following posts.

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet